Windows Security Log Event ID 4931
4931: An Active Directory replica destination naming context was modified
On this page
Directory Service replication has little to no security relevance. I recommend disabling these 2 subcategories:
Directory Service Replication
Detailed Directory Service Replication
Since DCSync and DCShadow have come out I've changed my mind about the above statement. Check out this webinar AD Attack Deep Dive: Gaining Persistence using DCSync and DCShadow with Mimikatz
Free Security Log Resources by Randy
Supercharger Enterprise
Load Balancing for Windows Event Collection
An Active Directory replica destination naming context was modified
Destination DRA: 657aa2e2-f523-48ab-b573-e32d1d27fdd0._msdcs.acme-fr.local
Source DRA: CN=NTDS Settings,CN=WIN-857ZZX6RQHL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acme-fr,DC=local
Destination Address: -
Naming Context: DC=ForestDnsZones,DC=acme-fr,DC=local
Options: 23
Status Code: 0
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection